ockam_core/
access_control.rs

1use crate::compat::boxed::Box;
2use crate::{async_trait, RelayMessage, Result};
3use core::fmt::Debug;
4
5/// Defines the interface for incoming message flow authorization.
6///
7/// # Examples
8///
9/// ```
10/// # use ockam_core::{Result, async_trait};
11/// # use ockam_core::{IncomingAccessControl, RelayMessage};
12/// #[derive(Debug)]
13/// pub struct IdentityIdAccessControl;
14///
15/// #[async_trait]
16/// impl IncomingAccessControl for IdentityIdAccessControl {
17///     async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool> {
18///         // ...
19///         // some authorization logic that returns one of:
20///         //   ockam_core::allow()
21///         //   ockam_core::deny()
22///         // ...
23/// #       ockam_core::deny()
24///     }
25/// }
26/// ```
27///
28#[async_trait]
29#[allow(clippy::wrong_self_convention)]
30pub trait IncomingAccessControl: Debug + Send + Sync + 'static {
31    // TODO: Consider &mut self
32    /// Return true if the message is allowed to pass, and false if not.
33    async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool>;
34}
35
36/// Defines the interface for outgoing message flow authorization.
37///
38/// # Examples
39///
40/// ```
41/// # use ockam_core::{Result, async_trait};
42/// # use ockam_core::{OutgoingAccessControl, RelayMessage};
43/// #[derive(Debug)]
44/// pub struct LocalAccessControl;
45///
46/// #[async_trait]
47/// impl OutgoingAccessControl for LocalAccessControl {
48///     async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool> {
49///         // ...
50///         // some authorization logic that returns one of:
51///         //   ockam_core::allow()
52///         //   ockam_core::deny()
53///         // ...
54/// #       ockam_core::deny()
55///     }
56/// }
57/// ```
58///
59#[async_trait]
60#[allow(clippy::wrong_self_convention)]
61pub trait OutgoingAccessControl: Debug + Send + Sync + 'static {
62    // TODO: Consider &mut self
63    /// Return true if the message is allowed to pass, and false if not.
64    async fn is_authorized(&self, relay_msg: &RelayMessage) -> Result<bool>;
65}
66
67mod all;
68mod allow_all;
69mod any;
70#[cfg(feature = "std")]
71mod cache;
72mod deny_all;
73mod onward;
74mod source;
75
76pub use all::*;
77pub use allow_all::*;
78pub use any::*;
79#[cfg(feature = "std")]
80pub use cache::*;
81pub use deny_all::*;
82pub use onward::*;
83pub use source::*;